Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
378
Views
0
Helpful
4
Replies

Firewall Failover

Lavanholy
Level 1
Level 1

‎05-14-2007 01:35 AM - edited ‎03-11-2019 03:13 AM

Hi,

I have 2 PIX firewall in failover mode.

When I issue Show failover command ,I getting the following message,

ROKO# sh failover

Failover On

Cable status: Other side powered off

Reconnect timeout 0:00:00

Poll frequency 15 seconds

Last Failover at: 16:43:57 IST Sat May 12 2007

This host: Primary - Active

Active time: 155925 (sec)

Interface outside (10.59.23.1): Link Down (Waiting)

Interface inside (172.16.0.1): Normal (Waiting)

Interface dmz (192.168.100.1): Normal (Waiting)

Interface intf3 (0.0.0.0): Link Down (Shutdown)

Other host: Secondary - Standby

Active time: 0 (sec)

Interface outside (10.59.23.8): Unknown (Waiting)

Interface inside (172.16.0.8): Unknown (Waiting)

Interface dmz (192.168.100.8): Unknown (Waiting)

Interface intf3 (0.0.0.0): Unknown (Shutdown)

Stateful Failover Logical Update Statistics

Link : Unconfigured.

In the above what is the meaning of

Cable status: Other side powered off

Secondly when one firewall is in Active mode and other is in Passive,(failover mode)If I connect the console to the secondary firewall which is in passive mode,Can I able to access the secondary firewall.

Please help me.

Thanks and Regards,

S.Venkataraman.

Labels:
0 Helpful
4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

‎05-14-2007 01:54 AM

Hi

This message indicates that the standby unit is actually powered down. Have you checked the status of the standby unit ?. Also if this is not the issue check the failover cable and if possible replace.

If you connect the console to the secondary firewall yes you should be able to access the firewall. Be sure not to configure anything on this secondary firewall though. Config should always be done on the active.

HTH

Jon

0 Helpful

mbroberson1
Level 3
Level 3

‎05-14-2007 07:40 AM

Issue this command to sync the PIXes.

"write failover"

Regards,

Brandon

0 Helpful

Lavanholy
Level 1
Level 1
In response to mbroberson1

‎05-14-2007 09:42 PM

Hi Brandon,

I have checked the follwoing:

1. Secondary PIX is powered ON

2. Fail over cable is checked it is O.k,When we remove the fail over cable,Show failover gives " not connected,when we attach the fail over cable ,then the cable status is " Powered Off" Is there any chance for the secondary PIX hardware issue?

3. Can I attach the Console to the passive (Secondary ) PIX and get the access to teh PI?(I will not change the configuration in the passiv)

4. Then the "write stand" is for writing the configuration changes of active PIX into the Passive PIX.

Please clarify.

Thankls and Regards,

S.venkataraman.

0 Helpful

mbroberson1
Level 3
Level 3

‎05-14-2007 07:41 AM

Sorry.

That was.

"write standby" to synch the configs.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card